Zone firewall rejecting traffic

amigan_99
amigan_99 used Ask the Experts™
on
10:44:08.946 PST: %FW-6-DROP_PKT: Dropping tcp session 6.4.15.49:443 6.11.50.162:61392 on zone-pair sdm-zp-out-self class class-default due to  DROP action found in policy-map with ip ident 0

In actuality this traffic I believe is just reply traffic for https.  Not sure what the ip ident 0 reject issue is.  This is a Cisco 2811 ISR running Zone based policy firewalling.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010
Commented:
Please post the policy-map, or if you are up to it a full sanitized config.

thanks
amigan_99Network Engineer

Author

Commented:
I found a work-around.  But thanks for being willing to analyze.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial